Systems and methods for probabilistic data classification

ABSTRACT

A system for performing data classification operations. In one embodiment, the system comprises a file system configured to store a plurality of computer files and a scanning agent configured to traverse the file system and compile data regarding the attributes and content of the plurality of computer files. The system also comprises an index configured to store the data regarding attributes and content of the plurality of computer files and a file classifier configured to analyze the data regarding the attributes and content of the plurality of computer files and to classify the plurality of computer files into one or more categories based on the data regarding the attributes and content of the plurality of computer files. Results of the file classification operations can be used to set appropriate security permissions on files which include sensitive information or to control the way that a file is backed up or the schedule according to which it is archived.

RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.16/944,555, entitled “SYSTEMS AND METHODS FOR PROBABILISTIC DATACLASSIFICATION” and filed on Jul. 31, 2020, which is a continuation ofU.S. patent application Ser. No. 16/818,781, entitled “SYSTEMS ANDMETHODS FOR PROBABILISTIC DATA CLASSIFICATION” and filed on Mar. 13,2020, which is a continuation of U.S. patent application Ser. No.15/654,042, entitled “SYSTEMS AND METHODS FOR PROBABILISTIC DATACLASSIFICATION” and filed on Jul. 19, 2017, issued as U.S. Pat. No.10,628,459, which is a continuation of U.S. patent application Ser. No.14/968,719, entitled “SYSTEMS AND METHODS FOR PROBABILISTIC DATACLASSIFICATION” and filed on Dec. 14, 2015, issued as U.S. Pat. No.9,740,764, which is a continuation of U.S. patent application Ser. No.13/615,084, entitled “SYSTEMS AND METHODS FOR PROBABILISTIC DATACLASSIFICATION” and filed on Sep. 13, 2012, which is a continuation ofU.S. patent application Ser. No. 12/022,676, entitled “SYSTEMS ANDMETHODS FOR PROBABILISTIC DATA CLASSIFICATION” and filed on Jan. 30,2008, each of which is incorporated by reference herein in its entirety.Any and all applications for which a foreign or domestic priority claimis identified in the Application Data Sheet as filed with the presentapplication are hereby incorporated by reference under 37 CFR 1.57.

BACKGROUND OF THE INVENTION Field of the Invention

The field of the invention relates to systems and methods for performingdata classification operations.

Description of the Related Art

As modern enterprise environments trend towards a paperless workplace,electronic data is often created at a high rate. This electronic datatakes a variety of forms which may include emails, documents,spreadsheets, images, databases, etc. Businesses have a need tofyu48yeffectively classify and organize all of this electronic data.

However, it can be extremely difficult to accurately classify largeamounts of data in ways which are time and cost effective. Existingsolutions have typically allowed a user to classify files in at leastone of two ways. The user can manually view each file and determine theappropriate classification. While this can be a relatively accuratemethod of categorizing data, it quickly becomes expensive andimpractical as the volume of data-to-be-classified increases.

Alternatively, files can be classified using an explicit set of rulesdefined by the user. For example, a data classification rule may bebased on inclusion of a keyword or a small set of keywords. With thisapproach, the classification of files can be done by machine, but theuse of explicit rules tends to be a relatively inaccurate method ofclassifying non-homogeneous files and can result in many falseclassifications.

SUMMARY OF THE INVENTION

Therefore, there is a need for more accurate automated systems forclassifying and organizing the large amounts of computer data whichexist in modern enterprise environments.

One embodiment of the invention comprises a file system configured tostore a plurality of computer files; a scanning agent configured totraverse the file system and compile data regarding the attributes andcontent of the plurality of computer files; an index configured to storethe data regarding attributes and content of the plurality of computerfiles; and a file classifier configured to analyze the data regardingthe attributes and content of the plurality of computer files and toclassify the plurality of computer files into one or more categoriesbased on the data regarding the attributes and content of the pluralityof computer files.

Another embodiment of the invention comprises a method of traversing afile system and compiling data regarding attributes and content of aplurality of computer files stored in the file system; storing the dataregarding attributes and content of the plurality of computer files inan index; analyzing the data regarding the attributes and content of theplurality of computer files; and classifying the plurality of computerfiles into one or more categories based on the data regarding theattributes and content of the plurality of computer files.

Another embodiment of the invention comprises means for traversing afile system and compiling data regarding attributes and content of aplurality of computer files stored in the file system; means for storingthe data regarding attributes and content of the plurality of computerfiles in an index; means for analyzing the data regarding the attributesand content of the plurality of computer files; and means forclassifying the plurality of computer files into one or more categoriesbased on the data regarding the attributes and content of the pluralityof computer files.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic representation of a data classification system.

FIG. 2 is a flowchart for performing classification operations on datafiles.

FIG. 3 is a schematic illustration of an embodiment of a data storagesystem for performing data storage operations for one or more clientcomputers into which may be integrated a data classification system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

As discussed previously, there can be tradeoffs involved in performingelectronic data classification. Electronic data classification can beperformed manually with relatively good accuracy, but the process isslow and expensive. This type of process can be referred to assupervised classification. In other cases, data classification can beperformed in an automated manner, but if done using explicit rules only,automated classification can result in relatively poor accuracy. Thiscan be referred to as unsupervised classification. In still other cases,techniques can be used which result in semi-supervised classification.

Semi-supervised classification techniques may rely on some degree ofhuman input to train a machine to recognize various categories of data.Once the machine has been trained, it can perform data classificationoperations independent of further human intervention. Semi-automatedtechniques of this sort can result in greater accuracy than moresimplistic automated methods which rely solely on explicit rules. Oneexample of a semi-supervised data classification technique of this sortis a Naïve Bayes classifier. Naïve Bayes classifiers have found use incertain email systems to help in rejecting unwanted, or “spam,” messagesas they arrive over a network at an email server, for example, but notto existing files stored in a computer system.

Apart from the filtering of incoming email messages, significantbenefits can be had from applying the Naïve Bayes method, as well asother classification methods, to data that is already stored in acomputer system. In particular, there are tremendous advantages to behad from applying data classification methods to large-scale computingsystems with tremendous amounts of stored data. These advantagesinclude, among others, using automated data classification methodsclassification to place proper security restrictions on access tocertain files (this may be required by law in certain instances, such asin the case of medical records or private personnel information) or tocontrol the location where a file is stored or backed up so that it canbe located at a later date. Classification of data can also be useful indetermining whether certain files should be deleted entirely, backed upin relatively fast access storage media, or permanently archived inslower access media.

Therefore, it would be advantageous to have an automated system, withimproved accuracy, for carrying out file classification operations onthe data stored in a business' computing system. In certain preferredembodiments of the invention, such an automated system would performdata classification on a substantial portion of a business' stored fileson an enterprise-wide, cross-platform scope.

Just as there are many reasons to classify files, there are also manyschemes of doing so. Generally speaking, the task of data classificationis to assign electronic data to one or more categories based on contentor characteristics of the data. In some cases, files may be groupedaccording to common characteristics such as file size or file extension.In other cases, files could be grouped with more sophisticatedtechniques according to subject matter. Many other classificationschemes also exist and it should be understood that embodiments of theinvention can be adapted to use a wide variety of classificationschemes.

FIG. 1 is a schematic representation of an automated system forperforming data classification on electronic files according to oneembodiment of the invention. The file servers 120, which can include orbe coupled to electronic data storage devices, handle I/O requests to afile system shared by a plurality of client computers (not shown) in abusiness' computing system. The client computers can be coupled to thefile servers 120 via the Local Area Network (LAN) 190, or in any otherway known in the art. In this way, the file servers 120 house asubstantial portion of a business' electronic data, which is accessibleto a plurality of client computers via the network 190.

In other embodiments, the shared data storage capacity could take a formother than shared file servers. For example, shared storage devicescould be coupled to a plurality of client computers via a Storage AreaNetwork (SAN) or a Network Attached Storage (NAS) unit. Other sharedelectronic data storage configurations are also possible.

In one embodiment, each file server 120 may include a file systemscanning agent 110. The file system scanning agents 110 cansystematically traverse data housed by a corresponding file server 120.The file system scanning agents 110 can access electronic files andcompile information about the characteristics of the files, the contentof the files, or any other attribute of interest that could serve as thebasis for categorizing the electronic files. File system classificationagents 110 can be configured to operate with any type of filesystem.

Furthermore, while the file system scanning agents 110 are illustratedas modules operating within the file servers 120, in other embodimentsthe file system scanning agents 110 can be separate devices coupled tofile servers 120 via a network 190. In still other embodiments, filesystem scanning agents 110 can be made capable of directly accessingdata storage devices shared by a plurality of client computers over thenetwork 190, such as via SAN networks or NAS units. The file systemscanning agents can be implemented in any combination of hardware andsoftware.

As file system scanning agents 110 compile information about filecharacteristics, content, etc., the information can be shared with afile indexing service 150 which can maintain databases, such as a fileattribute index 170 and a file content index 180, to store theinformation. In some embodiments, the file attribute index 170 can becombined with the file content index 180, or the two indexes can beimplemented as a number of sub-indexes. In one embodiment, the fileindexing service 150 may be a module operating on an Intelligent FileClassifier (IFC) server 130 and information can be exchanged between thefile system scanning agents 110 and the file indexing service 150 viathe network 190.

The IFC server 130 can include a data processor and electronic memorymodules. The IFC server may also include a file classifier program 140module which can access the file attribute 170 and the file content 180indexes and classify electronic data files as members of variouscategories, according to the methods described below. The IFC server 130may also include a user interface 160 to allow a user to input thecharacteristics or content of a category of interest and to view alisting of the designated member files of a data classificationoperation performed by the file classifier program 140. The userinterface 160 may comprise any type of user interface known in the art,such as an I/O terminal coupled to the IFC server 130 or a web server toallow a user to remotely access the IFC server 130.

FIG. 2 is a flowchart which represents an exemplary method of performingdata classification operations using the system illustrated in FIG. 1.At block 210 a file system scanning agent 110 traverses a file systemand compiles information regarding the attributes and content ofelectronic files stored in the filesystem. In some embodiments, the filesystem scanning agents 110 may have access to a database which indicatesthe date that a particular file's attributes and content were lastgathered. In these embodiments, the file system scanning agents 110 maydetermine whether this date came after the last known modification tothe file, in which case the file system scanning agent 110 may beconfigured to skip the current file and move on to the next availablefile.

In other embodiments, the file system scanning agents 110 may benotified any time a file is created or modified so that the new ormodified file's attributes and contents can be compiled or updated. Thefile system scanning agents 110 may be notified of these events by filesystem drivers whenever a file system I/O request is made, by a packetsniffer coupled to a network which scans the contents of data packetstransmitted over the network to determine when a file is created ormodified, or using any other technique known in the art.

File attributes compiled by the file system scanning agents 110 mayinclude, but are not limited to, the file name, its full directory path,size, type, dates of last modification and access, or other types ofmetadata. The file attribute information may be transmitted to a fileindexing service 150 to be stored in a file attribute index 170. Thisindex may take the form of a relational database which can be searchedby any attribute entry or combination of attributes. In certainembodiments, the file attribute index 170 can be a centralized databasemanaged by a file indexing service 150 which receives file attribute andcontent information from a plurality sources. The file attribute index170 may also include information regarding the categories to which aparticular file is presently marked as belonging to, or has been markedas having belonged to in the past.

The file system scanning agents 110 can also analyze data files tocatalog their content. For example, if the file includes text, the filesystem scanning agents 110 may create a list of keywords found withinthe file as well as frequency counts for each of the keywords. If thefile is not a text file but rather an image of a document, theclassification element 312 may first perform an optical characterrecognition (OCR) operation before creating keyword lists and frequencycounts. The file content information may be transmitted to a fileindexing service 150 to be stored in a file content index 180. The filecontent index 180 may take the form of a searchable database whichcontains the keyword lists and frequency counts gathered by the filesystem scanning agents 110 as well as logical mappings of keywords tothe files in which they are found. Much like the file attribute index170, it may be advantageous for the file content index to be managed bya file indexing service 150 which receives file attribute and contentinformation from a plurality of sources.

The file content index 180 may be searched by file, producing a list ofkeywords for the file. The file content index 180 may also be searchedby keyword, producing a list of files which contain that word. This typeof search result can include a relevance ranking which orders the listof files which contain the search term by the frequency with which theyappear in the file. Other methods of cataloguing and searching the filecontent index 180 can also be used.

Other types of files besides text-containing documents can be analyzedfor content as well. For example, digital image processing techniquescan be used to scan image files for certain image features using objectrecognition algorithms to create a catalogue of features that areidentified. Similarly, audio files could be scanned to cataloguerecognizable features. In fact, the file system scanning agents 110 canbe used to analyze any file type for any type of content to the extentthat there exists a method for performing such analysis. In any case, acatalogue of the identified file content can be kept in the file contentindex 180.

At block 220, a file system scanning agent 110 transmits file attributeand content information to the file indexing service 150. At block 230,the file indexing service 150 stores that information in the appropriateindex. Files stored by the file servers 120 can classified, ordesignated as members of a defined category, based on the information inthese indexes. The classification of a file can be based on informationfrom the file attribute index 170, the file content index 180, or somecombination of both.

As described above, some classification techniques are semi-supervisedin that they rely on some degree of human input to train a machine torecognize various categories of data before. Once the machine has beentrained, it can perform data classification operations substantiallyindependent of further human intervention. Blocks 240, 250, and 260represent an embodiment of a method for training an automated dataclassification system which employs semi-supervised classificationtechniques. Embodiments of the invention will be described belowprimarily in terms of a Naïve Bayes classification algorithm, howeverneural networks or strict Bayesian networks are also suitablecandidates. Other types of classifiers or algorithms can also be used.

For example, it should be understood that fully supervised and fullyunsupervised classification techniques can be advantageously used incertain embodiments of the invention. One embodiment of the inventionmay use a set of explicit user-defined rules to decrease the number offiles to which a more computationally expensive classification method isthen applied. For example, a user may wish to identify only recent filesbelonging to a particular category. In such a case, an explicit rulerequiring a file to have been modified no longer than thirty dayspreviously could be used to decrease the number of candidate files to beanalyzed using a Naïve Bayes algorithm, which uses a morecomputationally complex calculation to determine a probability that aparticular file belongs to the desired category.

At block 240, a user creates a name for a particular category of data,members of which he or she would like to locate amongst the mass of datastored in file servers 120 or some other type of shared storage deviceaccessible to a plurality of client computers. This can be done with theuser interface 160 of the IFC server. At block 250, the user can selectsample files from the file attribute 170 and file content 180 indexeswhich are properly designated as members of the category of data whichthe user wishes to identify. These sample files can constitute atraining set of data which allows the file classifier program 140 to“learn” how to identify files stored by the file servers 120 which aremembers of the desired category. Using this training set of data, thefile classifier program 140 computes, at block 260, a set ofclassification rules that can be applied to the files from the fileattribute 170 and file content 180 indexes which were not included inthe training set.

At block 270, the set of test data is used to calculate a probabilitythat a file belongs to the desired category. This can be done for eachfile indexed by the indexing service 150 that lies outside the trainingset selected by the user. Finally, at block 280, the user interface 160can format the results of the classification operation and present theresults to the user. For example, the user interface 160 can present alist of each file which was determined by the file classifier program140 to belong to a desired category.

Some classification techniques, such as a Naïve Bayes algorithm, mayoutput a probability that a given unclassified file should be marked asbelonging to a certain category. In these embodiments, the determinationthat a file belongs to a particular category may be based on thecalculated probability of the file belonging to the category exceeding athreshold. A determination can be made whether the probability is highenough to risk a mistaken classification and justify classifying thefile as a member of the category in question. In such cases, the fileclassifier program 140 may be configured to mark the file as a member ofthe category if the probability exceeds a user-defined threshold.

For example, a user might configure the classification element to mark afile as a member of a category only if the calculated probability isgreater than 85%. In cases where the accuracy of the classificationoperation IS critical and where the calculated probability falls shortof the threshold by a relatively small margin, the file classifierprogram may be configured to mark the file as being a questionablemember of the category and allow a user to view the file to determinewhether it should or should not be designated as a member of thecategory in question.

Once the file has been classified, it may be labeled as a member of thedesignated category in the file attribute index. A file may beclassified as a member of more than one category. In some embodiments, acategory of files may be defined temporarily by a user query. In otherembodiments, a category of files can be defined on a relativelypermanent basis and new files which meet the criteria of the categorypreviously calculated by the file classifier program 140 on the basis ofa training set of data can be automatically added to the category asthey are created or modified.

A specific example of a Naïve Bayes classifier, according to oneembodiment of the invention, will now be given based on the trainingdata in the following chart.

File Contains Belongs to File Size < 1 Keyword “Personnel Name KB?“SSN”? Records” Category? Foo.doc Yes Yes Yes Bar.doc No Yes Yes Bas.docYes No No Qux.doc Yes No No Quux.doc No Yes Yes

In the above training set of data, five files have been marked by a useras belonging, or not belonging, to a category called “PersonnelRecords.” The training data includes both members (Foo.doc, Bar.doc, andQuux.doc) of the desired category, as well as non-members (Bas.doc andQux.doc). In this example, the data on whether each of the files in thetraining set is smaller than 1 KB can be obtained from the fileattribute index 170. The data on whether each file contains the keyword“SSN” can be obtained from the file content index 180.

Based on this information, the file classifier program 140 can calculatea probability that files smaller than 1 KB are members of the “PersonnelRecords” category. Based on the above training data, one out of threefiles which are smaller than 1 KB are also members of the “PersonnelRecords” category, for a probability of 33%. The file classifier program140 can also calculate a probability that files which contain thekeyword “SSN” are members of the “Personnel Records” category. Three outof three files which contain the keyword “SSN” are also members of the“Personnel Records” category. This leads to a calculated probability of100% that a file belongs to the “Personnel Records” category if itcontains the keyword “SSN.”

An overall probability that a file belongs to the desired category canalso be calculated from the training set of data. In this case, threeout of the five files in the training set are members of the “PersonnelRecords” category for an overall probability of membership of 60%. Usingthese probabilities, the file classifier program can analyze whetherfiles outside the training set are smaller than 1 KB or contain thekeyword “SSN,” and then determine the probability that the file belongsto the “Personnel Records” category using Bayes Theorem, or similarmethod.

In general, the larger the training set of data and the morerepresentative it is of a cross-section of files in the file system interms of attributes, content, and membership in the desired category,the more accurate will be the results obtained from the classificationoperation performed by the file classifier program 140 when using aNaïve Bayes algorithm. However, other characteristics of a training setof data can be emphasized in embodiments of the invention which useother classification algorithms.

Once the file classifier program 140 has finished classifying a file,some course of action may be taken by the IFC server 130 based on theoutcome of the file classification operation. In some cases the courseof action may be pre-determined and user-defined. In this type ofembodiment, IFC server 130 may include a database that contains a listof classification outcomes, such as “File Classified as PersonnelInformation,” as well as a corresponding action to be performed when theassociated classification outcome occurs. In other embodiments, the IFCserver 130 may include learning algorithms to independently determinewhat course of action to take after a classification operation iscompleted based on its past experience or based on a set of trainingdata that has been provided to guide its actions.

One action that could be taken by the IFC server 130 based on a fileclassification outcome is changing access permissions on a file based onthe sensitivity of the category to which it belongs. It may be desirableto limit access of the file to certain users of the host computingsystem for any number of reasons: the file may contain sensitivepersonal employee information, trade secrets, confidential financialinformation, etc.

Another action that could be taken by the IFC server 130 based on a fileclassification outcome is to change the backup or archive schedule forthe file. Certain categories of files may be classified as non-critical.It may be preferable to backup these types of files less regularly inorder to conserve system resources. In addition, these files may bemigrated to slower access storage sooner than would be the case for moreimportant files, or possibly never. Other categories of files may beclassified as critical data. As such, it will likely be desirable toregularly backup these files and possibly maintain them in fast accessmemory for an extended period of time.

In addition, it would be possible to carefully create and manage aschedule for permanently archiving these files due to the criticalinformation they contain. In embodiments of the invention where theresults of a data classification operation are used to influence howcertain categories of information are backed up or archived, it may bebeneficial to integrate a data classification system, such as the oneillustrated in FIG. 1, with a data storage and backup system. Manydifferent types of data storage and backup systems can be used for thispurpose. However, an exemplary data storage and backup system which canbe modified to include a data classification system is illustrated inFIG. 3.

FIG. 3 illustrates a storage cell building block of a modular datastorage and backup system. A storage cell 350 of a data storage systemperforms storage operations on electronic data for one or more clientcomputers in a networked computing environment. The storage system maycomprise a Storage Area Network (SAN), a Network Attached Storage (NAS)system, a combination of the two, or any other storage system at leastpartially attached to a host computing system and/or storage device by anetwork. Besides operations that are directly related to storingelectronic data, the phrase “storage operation” is intended to alsoconvey any other ancillary operation which may be advantageouslyperformed on data that is stored for later access.

Storage cells of this type can be combined and programmed to functiontogether in many different configurations to suit the particular datastorage needs of a given set of users. Each storage cell 350 mayparticipate in various storage-related functions, such as backup, datamigration, quick data recovery, etc. In this way storage cells can beused as modular building blocks to create scalable data storage andbackup systems which can grow or shrink in storage-related functionalityand capacity as a business' needs dictate. This type of system isexemplary of the CommVault QiNetix system, and also the CommVault GALAXYbackup system, available from CommVault Systems, Inc. of Oceanport, N.J.Similar systems are further described in U.S. patent application Ser.Nos. 09/610,738 and 11/120,619, which are hereby incorporated byreference in their entirety.

As shown, the storage cell 350 may generally comprise a storage manager300 to direct various aspects of data storage operations and tocoordinate such operations with other storage cells. The storage cell350 may also comprise a data agent 395 to control storage and backupoperations for a client computer 385 and a media agent 305 to interfacewith a physical storage device 315. Each of these components may beimplemented solely as computer hardware or as software operating oncomputer hardware.

Generally speaking, the storage manager 300 may be a software module orother application that coordinates and controls storage operationsperformed by the storage operation cell 350. The storage manager 300 maycommunicate with some or all elements of the storage operation cell 350including client computers 385, data agents 395, media agents 305, andstorage devices 315, to initiate and manage system backups, migrations,and data recovery. If the storage cell 350 is simply one cell out of anumber of storage cells which have been combined to create a larger datastorage and backup system, then the storage manager 300 may alsocommunicate with other storage cells to coordinate data storage andbackup operations in the system as a whole.

In one embodiment, the data agent 395 is a software module or part of asoftware module that is generally responsible for archiving, migrating,and recovering data from a client computer 385 stored in an informationstore 390 or other memory location. Each client computer 385 may have atleast one data agent 395 and the system can support multiple clientcomputers 385. In some embodiments, data agents 395 may be distributedbetween a client 385 and the storage manager 300 (and any otherintermediate components (not shown)) or may be deployed from a remotelocation or its functions approximated by a remote process that performssome or all of the functions of data agent 395.

Embodiments of the storage cell 350 may employ multiple data agents 395each of which may backup, migrate, and recover data associated with adifferent application. For example, different individual data agents 395may be designed to handle Microsoft Exchange data, Lotus Notes data,Microsoft Windows file system data, Microsoft Active Directory Objectsdata, and other types of data known in the art. Other embodiments mayemploy one or more generic data agents 395 that can handle and processmultiple data types rather than using the specialized data agentsdescribed above.

Generally speaking, a media agent 305 may be implemented as softwaremodule that conveys data, as directed by a storage manager 300, betweena client computer 385 and one or more storage devices 315 such as a tapelibrary, a magnetic media storage device, an optical media storagedevice, or any other suitable storage device. The media agent 305controls the actual physical level data storage or retrieval to and froma storage device 315. Media agents 305 may communicate with a storagedevice 315 via a suitable communications path such as a SCSI or fiberchannel communications link. In some embodiments, the storage device 315may be communicatively coupled to a media agent 305 via a SAN or NASsystem, or a combination of the two. As shown in FIG. 3, media agents305 may include databases 310.

It should be appreciated that any given storage cell in a modular datastorage and backup system, such as the one described, may comprisedifferent combinations of hardware and software components besides theparticular configuration illustrated in FIG. 3. Furthermore, in someembodiments, certain components may reside and execute on the samecomputer. A storage cell may also be adapted to include extra hardwareand software for performing additional tasks in the context of a datastorage and backup system. In particular, storage operation cells mayinclude hardware and software for performing file classificationoperations. In particular, the storage cell 350 may be modified toinclude a file system scanning agent 110 and an IFC server 130.

The IFC server 130 may comprise a file classifier program 140, a fileindexing service 150, and a user interface 160. Each of these componentsmay function substantially in accordance with the description of thesecomponents set forth above with reference to FIGS. 1 and 2. However,certain modification to these components may be dictated by theconfiguration of the computing system into which they are beingincorporated. In these instances it is within the ability of one ofordinary skill in the art to make these adaptations.

Preferred embodiments of the claimed inventions have been described inconnection with the accompanying drawings. While only a few preferredembodiments have been explicitly described, other embodiments willbecome apparent to those of ordinary skill in the art of the claimedinventions based on this disclosure. Therefore, the scope of thedisclosed inventions is intended to be defined by reference to theappended claims and not simply with regard to the explicitly describedembodiments of the inventions.

1-24. (canceled)
 25. A system comprising: one or more computing devicescomprising computer hardware with one or more processors configured to:access one or more data blocks of one or more files; update or create,based on the one or more data blocks, index data associated with the oneor more files with content of the one or more data blocks and at leastone file attribute associated with the one or more files; based, atleast in part, on the updated index data associated with the one or morefiles, classify the one or more files as a member of a first category;following an incremental or differential backup of the one or morefiles, access one or more modified data blocks of the one or more files,wherein the one or more modified data blocks are data blocks that havebeen modified since the classification of the one or more files as amember of the first category; update the index data associated with theone or more files based on the one or more modified data blocks; andbased, at least in part, on some of the content of the one or more filesand at least one file attribute of the updated index data associatedwith the one or more files, classify the one or more files as a memberof a second category.
 26. The system of claim 25, wherein the one ormore computing devices are further configured to alter security accessrestrictions of the one or more files based upon classification of beinga member of at least one category.
 27. The system of claim 25, whereinthe one or more computing devices are further configured to alter a databackup schedule or a data migration plan of the one or more files basedupon classification of being a member of at least one category.
 28. Thesystem of claim 25, wherein the one or more data blocks are secondarycopies stored on one or more secondary storage devices.
 29. The systemof claim 25, wherein the one or more processors are further configuredto: determine a probability that the one or more files should beclassified as a member of the first category; and determine that theprobability satisfies a probability threshold for classifying the one ormore files as a member of the first category, wherein the probabilitythreshold is specified by a classification rule associated with thefirst category.
 30. The system of claim 29, wherein the classificationrule was computed using a training data set.
 31. The system of claim 25,wherein the index data is stored separately from storage devices wherethe one or more files are stored.
 32. The system of claim 25, whereinthe at least one file attribute comprises information indicating filesize, name, path, type, or date of creation or modification of the oneor more files.
 33. The system of claim 25, wherein the index datafurther comprises data indicating at least one classification categorythat the one or more files have been identified as being members of. 34.The system of claim 25, wherein the index data further comprises, foreach of the one or more files, a list of keywords present in the one ormore files and a frequency count for each keyword.
 35. A method forclassifying files, the method comprising: with one or more computingdevices comprising computer hardware with one or more processors:accessing one or more data blocks of one or more files; updating orcreating, based on the one or more data blocks, index data associatedwith the one or more files with content of the one or more data blocksand at least one file attribute associated with the one or more files;based, at least in part, on the updated index data associated with theone or more files, classifying the one or more files as a member of afirst category; following an incremental or differential backup of theone or more files, accessing one or more modified data blocks of the oneor more files, wherein the one or more modified data blocks are datablocks that have been modified since the classification of the one ormore files as a member of the first category; updating the index dataassociated with the one or more files based on the one or more modifieddata blocks; and based, at least in part, on some of the content of theone or more files and at least one file attribute of the updated indexdata associated with the one or more files, classifying the one or morefiles as a member of a second category.
 36. The method of claim 35, themethod further comprising altering security access restrictions of theone or more files based upon classification of being a member of atleast one category.
 37. The method of claim 35, the method furthercomprising altering a data backup schedule or a data migration plan ofthe one or more files based upon classification of being a member of atleast one category.
 38. The method of claim 35, wherein the one or moredata blocks are secondary copies stored on one or more secondary storagedevices.
 39. The method of claim 35, the method further comprising:determining a probability that the one or more files should beclassified as a member of the first category; and determining that theprobability satisfies a probability threshold for classifying the one ormore files as a member of the first category, wherein the probabilitythreshold is specified by a classification rule associated with thefirst category.
 40. The method of claim 39, wherein the classificationrule was computed using a training data set.
 41. The method of claim 35,wherein the index data is stored separately from storage devices wherethe one or more files are stored.
 42. The method of claim 35, whereinthe at least one file attribute comprises information indicating filesize, name, path, type, or date of creation or modification of the oneor more files.
 43. The method of claim 35, herein the index data furthercomprises data indicating at least one classification category that theone or more files have been identified as being members of.
 44. Themethod of claim 35, wherein the index data further comprises, for eachof the one or more files, a list of keywords present in the one or morefiles and a frequency count for each keyword.